
Uploading a File.


supanoob


Well, I want to allow users to upload an image.

So far this is what I have:

[code]if ($step == 1)
{
if ($REQUEST_METHOD == "POST")
{
    $uploaddir =  $_SERVER['DOCUMENT_ROOT'] . "/images/";

    $pext = getFileExtension($imgfile_name);
    $pext = strtolower($pext);
    if (($pext != "jpg")  && ($pext != "jpeg")  && ($pext != "bmp")  && ($pext != "dib")  && ($pext != "png"))
    {
        print "<h1>ERROR</h1>Image Extension Unknown.<br>";
        print "<p>Please upload only images with the extensions .jpg, .jpeg, .bmp, .dib and .pngONLY<br><br>";
        print "The file you uploaded had the following extension: $pext</p>\n";

        unlink($imgfile);
        exit();
    }

    $imgsize = GetImageSize($imgfile);

    if (($imgsize[0] > 250) || ($imgsize[1] > 200))
    {
        $tmpimg = tempnam("/tmp", "MKUP");

        system("djpeg $imgfile >$tmpimg");

        system("pnmscale -xy 250 200 $tmpimg | cjpeg -smoo 10 -qual 50 >$imgfile");

        unlink($tmpimg);
    }

    $final_filename = str_replace(" ", "_", $imgfile_name);
    $newfile = $uploaddir . "/$final_filename";

    if (is_uploaded_file($imgfile))
    {
      if (!copy($imgfile,"$newfile"))
      {
          print "Error Uploading File.";
          exit();
      }
    }

    unlink($imgfile);

    print("<img src=\"$final_filename\">");
}
}[/code]

Now the actual form they use is:

[code]          <form action="playdes.php?step=1" method="POST" enctype="multipart/form-data">
          <input type="hidden" name="MAX_FILE_SIZE" value="50000">
          <p>Upload Image: <input type="file" name="imgfile"><br>
          <font size="1">Click browse to upload a local file</font><br>
          <br>
          <input type="submit" value="Upload Image">
          </form>[/code]

The problem is whenever I go to test the form, I get the following error message:
[quote]
Fatal error: Call to undefined function: getfileextension() in /home/content/A/r/c/ArchAngel390/html/playdes.php on line 42[/quote]

and I can't understand why. Can someone shed a little light upon the problem?

The function isn't set.
Use something like
[code]if (function_exists('getFileExtension')) {
    echo "This is a function";
} else {
    echo "This is not a function";
}[/code]
Try this out for a test first, find out if the function even exists.
If that turns out else, then something is wrong, if the function exists, then make sure it's included properly if it's in an extra page.

Then the function isn't set, are you using it in an include, if so use require_once()
instead o
because it won't run the script unless it's included.
Then go to the other page where your function exists, and test the script there, the one I showed you, if it says it doesn't exist, even if you use it on the same page where the function is, then something is wrong with the function itself, in that case display the function here.

getFileExtension() is not a predefined PHP function and I don't see it defined anywhere in your code.

You could write your own. Something like:
[code]<?php
// Return the extension of $fn, or an empty string if it has none.
function getFileExtension($fn) {
  $x = pathinfo($fn);
  return isset($x['extension']) ? $x['extension'] : '';
}
?>[/code]

Ken

Look at the code to learn how to set a function ok.
good luck.

test.php

[code]<?php

include("test_result.php");
?>

<table border="4" align="center">
<td>
A user i no has the age of <?php get_age($age) ?>

</td>
</table>[/code]

test_result.php

[code]<?php

$age=10;

function get_age($age) {

if($age > 9) {

echo "9";

}
}
?>[/code]

FFS, I have the function file now, and now I get this error:

[quote]Possible file upload attack: filename ''.
Fatal error: Call to undefined function: getfileextension() in /home/content/A/r/c/ArchAngel390/html/playsub.php on line 118[/quote]

The whole of my PHP code for my actual action is below:

[code]<?php
session_start();

//this code is copyright to supanoob http://www.twottk.com
// to use this code you must have his permission to gain
// permission please mail him at webmaster@twottk.com
require_once('header.php');
require_once('imgfile_name.php');
if (!$_SESSION['valid_user'])

{ echo 'you are not logged in';

die();
}
$user=$_SESSION['valid_user'];

$query="select playerid, rank, jail, postcount, race, posx, won, lost, wonid, lostid, posy, arm1, race, facd, fach, face, arm2, arm3, arm4, jailreason, user, wep1, wep2, wep3, wep4, name, email, win, lose, total, gold, fatigue, maxfat, power, speed, dex, intel, health, maxhealth, gender from players where user='$user'";
$result=mysql_query($query);
if (!$result)
{
die (mysql_error());
}

$num_rows=mysql_num_rows($result);

$row=mysql_fetch_array($result);
$rank=($row['rank']);
$jail=($row['jail']);
$jailreason=($row['jailreason']);
$playerid=($row['playerid']);
$name=($row['name']);
$gold=($row['gold']);
$user=($row['user']);
$password=($row['password']);
$fatigue=($row['fatigue']);
$maxfat=($row['maxfat']);
$power=($row['power']);
$speed=($row['speed']);
$dex=($row['dex']);
$intel=($row['intel']);
$health=($row['health']);
$maxhealth=($row['maxhealth']);
$gender=($row['gender']);
$win=($row['win']);
$lose=($row['lose']);
$total=($row['total']);
$race=($row['race']);
$wep1=($row['wep1']);
$wep2=($row['wep2']);
$wep3=($row['wep3']);
$wep4=($row['wep4']);
$arm1=($row['arm1']);
$arm2=($row['arm2']);
$arm3=($row['arm3']);
$arm4=($row['arm4']);
$face=($row['face']);
$fach=($row['fach']);
$facd=($row['facd']);
$chardes=($row['chardes']);
$realname=($row['realname']);
$age=($row['age']);
$description=($row['description']);
$hobbies=($row['hobbies']);
$imgurl=($row['imgurl']);
$posx=($row['posx']);
$posy=($row['posy']);
$won=($row['won']);
$wonid=($row['wonid']);
$lost=($row['lost']);
$lostid=($row['lostid']);
$postcount=($row['postcount']);

$_SESSION['valid_user'] = $user;

if ($jail > 0)
{
echo "you are in jail for $jail more days, the reason being:<br /> $jailreason";

die();
}

if ($step == 0)
{
$realname=$_POST['realname'];
$age=$_POST['age'];
$description2=$_POST['description'];
$hobbies=$_POST['hobbies'];
$imgurl=$_POST['imgurl'];

$sql2="UPDATE players SET realname='$realname', age='$age', description='$description2', hobbies='$hobbies', imgurl='$imgurl' WHERE user='$user'";
if(mysql_query($sql2));
}



if ($step == 1)
{
if ($REQUEST_METHOD == "POST")
{

    /* SUBMITTED INFORMATION - use what you need
    * temporary filename (pointer): $imgfile
    * original filename          : $imgfile_name
    * size of uploaded file      : $imgfile_size
    * mime-type of uploaded file  : $imgfile_type
    */

    /*== upload directory where the file will be stored
          relative to where script is run ==*/
   
    $uploaddir =  $_SERVER['DOCUMENT_ROOT'] . "/images/";
   
   
    /*== get file extension (fn at bottom of script) ==*/
    /*== checks to see if image file, if not do not allow upload ==*/
    $pext = getFileExtension($imgfile_name);
    $pext = strtolower($pext);
    if (($pext != "jpg")  && ($pext != "jpeg")  && ($pext != "bmp")  && ($pext != "dib")  && ($pext != "png"))
    {
        print "<h1>ERROR</h1>Image Extension Unknown.<br>";
        print "<p>Please upload only images with the extensions .jpg, .jpeg, .bmp, .dib and .pngONLY<br><br>";
        print "The file you uploaded had the following extension: $pext</p>\n";

        /*== delete uploaded file ==*/
        unlink($imgfile);
        exit();
    }


    //-- RE-SIZING UPLOADED IMAGE

    /*== only resize if the image is larger than 250 x 200 ==*/
    $imgsize = GetImageSize($imgfile);

    /*== check size  0=width, 1=height ==*/
    if (($imgsize[0] > 250) || ($imgsize[1] > 200))
    {
        /*== temp image file -- use "tempnam()" to generate the temp
            file name. This is done so if multiple people access the
            script at once they won't ruin each other's temp file ==*/
        $tmpimg = tempnam("/tmp", "MKUP");

        /*== RESIZE PROCESS
            1. decompress jpeg image to pnm file (a raw image type)
            2. scale pnm image
            3. compress pnm file to jpeg image
        ==*/
       
        /*== Step 1: djpeg decompresses jpeg to pnm ==*/
        system("djpeg $imgfile >$tmpimg");
       

        /*== Steps 2&3: scale image using pnmscale and then
            pipe into cjpeg to output jpeg file ==*/
        system("pnmscale -xy 250 200 $tmpimg | cjpeg -smoo 10 -qual 50 >$imgfile");

        /*== remove temp image ==*/
        unlink($tmpimg);

    }

    /*== setup final file location and name ==*/
    /*== change spaces to underscores in filename  ==*/
    $final_filename = str_replace(" ", "_", $imgfile_name);
    $newfile = $uploaddir . "/$final_filename";
   
    /*== do extra security check to prevent malicious abuse==*/
    if (is_uploaded_file($imgfile))
    {

      /*== move file to proper directory ==*/
      if (!copy($imgfile,"$newfile"))
      {
          /*== if an error occurs the file could not
              be written, read or possibly does not exist ==*/
          print "Error Uploading File.";
          exit();
      }
    }

    /*== delete the temporary uploaded file ==*/
    unlink($imgfile);

   
    print("<img src=\"$final_filename\">");

    /*== DO WHATEVER ELSE YOU WANT
        SUCH AS INSERT DATA INTO A DATABASE  ==*/

}
}

?>

[/code]

and my function is below:

[code]<?php
session_start();

if (is_uploaded_file($_FILES['userfile']['imgfile_name'])) {
  echo "File ". $_FILES['userfile']['name'] ." uploaded successfully.\n";
  echo "Displaying contents\n";
  readfile($_FILES['userfile']['imgfile_name']);
} else {
  echo "Possible file upload attack: ";
  echo "filename '". $_FILES['userfile']['imgfile_name'] . "'.";
}

?> [/code]
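
An added example, not part of the original thread and not any poster's code: one way to handle the `imgfile` field from the posted form using `$_FILES`, checking the file contents instead of the client filename and shell-quoting the paths passed to the resize pipeline. The function name `store_uploaded_image()` and its `$uploadDir` parameter are hypothetical; it assumes PHP 7 or later.

```php
<?php
// Added example (not the thread's code). "imgfile" is the field name from the posted
// form; store_uploaded_image() and $uploadDir are hypothetical names.
const ALLOWED_TYPES = [   // getimagesize() type => extension stored on disk
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_BMP  => 'bmp',
];

function store_uploaded_image(array $file, string $uploadDir): string
{
    // PHP reports failed uploads (too large, partial, none) in 'error'.
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // 'tmp_name' is the server-side temp path; 'name' is client-supplied text.
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an HTTP upload');
    }
    // Decide the type from the file contents, not from the client filename.
    $info = @getimagesize($tmp);
    if ($info === false || !array_key_exists($info[2], ALLOWED_TYPES)) {
        throw new RuntimeException('Not an accepted image type');
    }
    // Server-generated name: no traversal, no attacker-chosen extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$info[2]];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('Could not store file');
    }
    // The thread's djpeg | pnmscale | cjpeg resize, with every path shell-quoted.
    if ($info[2] === IMAGETYPE_JPEG && ($info[0] > 250 || $info[1] > 200)) {
        $scaled = tempnam(sys_get_temp_dir(), 'MKUP');
        exec('djpeg ' . escapeshellarg($dest) . ' | pnmscale -xy 250 200'
           . ' | cjpeg -smoo 10 -qual 50 > ' . escapeshellarg($scaled), $out, $rc);
        if ($rc === 0) { rename($scaled, $dest); } else { unlink($scaled); }
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['imgfile'])) {
    try {
        $name = store_uploaded_image($_FILES['imgfile'], $_SERVER['DOCUMENT_ROOT'] . '/images');
        echo '<img src="/images/' . htmlspecialchars($name, ENT_QUOTES) . '">';
    } catch (RuntimeException $e) {
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES);
    }
}
```

The upload directory should also be configured so the web server never executes files stored in it.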